Introduction to Configuring Authentication Types

System administrators can configure two types of authentication on the Server: Form-Based and Windows Single Sign-On (SSO).

• Form-Based authentication uses a form to prompt the user to enter a username and password each time they log into the Server. This information is specific to the Server. User accounts must be created by the system administrator. Refer to Creating And Managing User Accounts for more information. 
• SSO authentication allows the user to sign in one time with a username and password that is used by multiple applications (the Server, email, network, etc). Multiple authentication methods can be used to provide SSO. 

System administrators can configure, edit and turn on or off authentication methods. At least one authentication method must be turned on, but several can be on at the same time. Only one form-based authentication method exists and is automatically created on the Server; however, multiple SSO authentication methods can be configured. 

Available authentication options include the following:

• SAML
• Query String
• OAuth
• EPIC OAuth
• Cerner

If multiple SSO methods are configured, the login screen will display the methods in the order displayed on the Authentication Methods administrative screen.  To change the order that the SSO methods are displayed in, use the handles beside each method to rearrange the order.

System administrators can also add authentication methods to context-sensitive help connections. Refer to Managing Connection Profiles to the Server for more information. If no authentication method is assigned, users will be prompted to select an authentication method during the context-sensitive help request to the server.

System Administrators can select an authentication method to use as the default for two discrete scenarios. These options can be set in any of the authentication methods you create, except for any of type Query String.

• When users launch a course from an LMS but the content is managed in and run from the server. If multiple authentication methods are active in the server, setting a default method removes the need for users to decide which authentication method to use when launching a course from an LMS. When you create any authentication method type there will be a “Use as default for LMS Proxy” option.
• Learning Library access.  If multiple authentication methods are active in the server, setting a default method for this scenario removes the need for users to decide which authentication method to use when accessing the Learning Library. When you create any authentication method type, there will be a “Use as default for Learning Library” option.  Direct launches of a Learning Library URL, such as from an in-app help integration with a business application, can be configured to include an authentication method identifier. Any request to open the Learning Library that contains a valid identifier will use that authentication method regardless of the default setting on the server.